the bandera perspective
play

The Bandera Perspective This talk will focus on Bandera and Cadena - PDF document

Jan 01, 2023 •245 likes •560 views

Software Model-checking: The SAnToS/Bandera Perspective SAnToS Laboratory, Kansas State University, USA http://www.cis.ksu.edu/bandera Principal Investigators Postdocs and Students Radu I osif Robby Matt Dwyer Hongjun Zheng Venkatesh

  1. Software Model-checking: The SAnToS/Bandera Perspective SAnToS Laboratory, Kansas State University, USA http://www.cis.ksu.edu/bandera Principal Investigators Postdocs and Students Radu I osif Robby Matt Dwyer Hongjun Zheng Venkatesh Ranganath John Hatcliff Corina Pasareanu Oksana Tkachuk Georg Jung William Deng Support US National Science Foundation (NSF) Rockwell-Collins ATC US National Aeronautics and Space Agency (NASA) Honeywell Technology Center and NASA Langley US Department of Defense Sun Microsystems Advanced Research Projects Agency (DARPA) Intel US Army Research Office (ARO) The Bandera Perspective This talk will focus on Bandera and Cadena and will give the Bandera/SAnToS perspective on software model-checking For other perspectives see… � Java PathFinder – JPF (NASA Ames) � SLAM Project (Microsoft Research) � BLAST Project (U. Berkeley) � FeaVer Project (Lucent/Bell Labs) � Alloy (MIT) 1

  2. Goals of the Project I. Provide platform for construction of and experimentation with technologies for model-checking concurrent Java software … model-reduction techniques … model-checking engines e.g., abstraction, slicing, e.g., explicit -state, symbolic compiler-based optimizations … property specification languages e.g., temp logic, state machines II. Integration with commonly used design notations, methods, and processes … UML artifacts, CCM … integration with development e.g., checking, specification and certification of safety-critical systems. … automatic generation of synchronization code with dedicated checking III. Evaluation using safety-critical military and civilian applications as well as non-critical popular open-source software In This Talk… � Challenges in model-checking software and how Bandera addresses these (30 minutes) � Overview of Bandera tool architecture and functionality of primary components (40 minutes) � --- break --- � Specification Patterns (20 minutes) � Modeling Avionics Software (40 minutes) � Conclusions (10 minutes) 2

  3. Goals � Draw connections with earlier lectures and explain how various concepts and techniques are similar/different in software � Highlight hard open problems related to software model-checking � Share what I think are future trends in software model-checking and why we as a community have some reasons for being optimistic Model Checking OK Finite-state model or Error trace Model Checker (Φ Ω) Li ne 5: … Li ne 12: … Li ne 15: … Li ne 21: … Temporal logic formula Li ne 25: … Li ne 27: … … Li ne 41: … Li ne 47: … 3

  4. What makes model-checking software difficult? OK Finite-state model or Error trace (Φ Ω) Model Checker Li ne 5: … Li ne 12: … Temporal logic formula Li ne 15: … Li ne 21: … Problems using existing checkers: � State explosion � Model Construction � Property specification � Output interpretation Model Construction Problem voi d a dd( Obj e c t o) { buf f e r [ he a d] = o; he a d = ( he a d+1) % s i z e ; } Obj e c t t a ke ( ) { … t a i l =( t a i l +1) % s i z e ; Gap r e t ur n buf f e r [ t a i l ] ; } Model Checker Program Model Description Semantic gap: Programming Languages methods, inheritance, dynamic creation, exceptions, etc. Model Description Languages automata 4

  5. Model Construction Problem � Due to state explosion, model-checking should not be applied to an entire code base, but rather to a unit � In OO software, boundaries between units are usually messy! references flow out of unit, � Unit and external components can change state of objects created in unit call-backs (in all GUI code) � tedious to identify � Code Base interaction points and define stubs/drivers What makes model-checking software difficult? OK Finite-state model or Error trace (Φ Ω) Model Checker Li ne 5: … Li ne 12: … Temporal logic formula Li ne 15: … Li ne 21: … Problems using existing checkers: � State explosion � Model Construction � Property specification � Output interpretation 5

  6. Property Specification Problem Difficult to formalize a requirement in temporal logic “Between the window open and the window close, button X can be pushed at most twice.” …is rendered in LTL as... [ ] ( ( ope n / \ <>c l os e ) - > ( ( ! pus hX / \ ! c l os e ) U ( c l os e \ / ( ( pus hX / \ ! c l os e ) U ( c l os e \ / ( ( ! pus hX / \ ! c l os e ) U ( c l os e \ / ( ( pus hX / \ ! c l os e ) U ( c l os e \ / ( ! pus hX U c l os e ) ) ) ) ) ) ) ) ) ) Property Specification Problem Forced to state property in terms of model rather than source We want to write source level specifications ... He a p. b. he a d == He a p. b. t a i l We are forced to write model level specifications... ( ( ( _c ol l e c t ( he ap_b) == 1) \ & & ( Bounde dBuf f e r _c ol . i ns t anc e [ _i nde x( he ap _b) ] . he ad == Bounde dBuf f e r_c ol . i ns t anc e [ _i nde x( he ap _b) ] . t ai l ) ) \ | | ( ( _c ol l e c t ( he ap _b) == 3) \ & & ( Bounde dBuf f e r _ c ol _0. i ns t anc e [ _i nde x( he ap _b) ] . he ad == Bounde dBuf f e r_ col _0. i ns t anc e [ _i nde x( he ap _b) ] . t ai l ) ) \ | | ( ( _c ol l e c t ( he ap _b) == 0) & & TRAP) ) 6

  7. Property Specification Problem Complications arise due to the dynamic nature of OO software Consider multiple instances of a bounded buffer class... I f a buf f e r i ns t a nc e be c om e s f ul l , Requirement: i t wi l l e ve nt ua l l y be c om e non - f ul l . In general, a heap object has no program-level name that persists throughout the lifetime of the object. Variables b1 b2 b3 Heap object What makes model-checking software difficult? OK Finite-state model or Error trace (Φ Ω) Model Checker Li ne 5: … Li ne 12: … Temporal logic formula Li ne 15: … Li ne 21: … Problems using existing checkers: � State explosion � Model Construction � Property specification � Output interpretation 7

  8. State Explosion Problem blah, blah, blah … � Moore’s law and algorithm advances can help � Holzmann: 7 days (1980) = = > 7 seconds (2000) � Explosive state growth in software limits scalability What makes model-checking software difficult? OK Finite-state model or Error trace (Φ Ω) Model Checker Li ne 5: … Li ne 12: … Temporal logic formula Li ne 15: … Li ne 21: … Problems using existing checkers: � State explosion � Model Construction � Property specification � Output interpretation 8

  9. Output Interpretation Problem Li ne 5: … voi d a dd( Obj e c t o) { Li ne 12: … buf f e r [ he a d] = o; Li ne 15: … he a d = ( he a d+1) % s i z e ; Li ne 21: … } Li ne 25: … Li ne 27: … Obj e c t t a ke ( ) { … Gap … Li ne 41: … t a i l =( t a i l +1) % s i z e ; Li ne 47: … r e t ur n buf f e r [ t a i l ] ; } Model Description Error trace Program Raw error trace may be 1000’s of steps long Must map line listing onto model description Mapping to source is made difficult by Semantic gap & clever encodings of complex features multiple optimizations and transformations Over-approximations in abstractions may yield infeasible error traces (how to decide if feasible or not?) Bandera: An open tool set for model-checking Java source code Graphical User Interface Optimization Control Checker Inputs Bandera Temporal Specification Model voi d a dd( Obj e c t o) { Checkers buf f e r [ he a d] = o; he a d = ( he a d+1) % s i z e ; } Transformation & Obj e c t t a ke ( ) { … t a i l =( t a i l +1) % s i z e ; Abstraction Tools r e t ur n buf f e r [ t a i l ] ; } Checker Java Source Outputs Error Trace Mapping Bandera 9

  10. Addressing the Model Construction Problem voi d a dd( Obj e c t o) { buf f e r [ he a d] = o; Static Analyses he a d = ( he a d+1) % s i z e ; } Abstract I nterpretation Obj e c t t a ke ( ) { … t a i l =( t a i l +1) % s i z e ; Optimizations Slicing r e t ur n buf f e r [ t a i l ] ; } Java Source Model Compiler Model Description Model extraction: compiling to model checker inputs: � Numerous analyses, optimizations, two intermediate languages, multiple back-ends � Slicing, abstract interpretation, specialization � Variety of usage modes: simple...highly tuned Addressing the Model Construction Problem Bandera Environment Generation Tools � Identify classes in unit � Automatically finds points of interaction (where unit calls outside classes or is called itself) Unit Code Base 10

  11. Addressing the Model Construction Problem Bandera Environment Java encoding of Generation Tools state-machine � Identify classes in unit � Automatically finds points of interaction (where unit calls outside classes or is called itself) Driver � Cuts away non-unit classes Unit � Automatically generates Stubs driver (generates calls to unit based on regular expression or LTL formula) Closed Unit Code Base � Automatically generates stubs Addressing the Property Specification Problem An extensible language based on field-tested temporal property specification patterns [ ] ( ( ope n / \ <>c l os e ) - > ( ( ! pus hX / \ ! c l os e ) U ( c l os e \ / ( ( pus hX / \ ! c l os e ) U ( c l os e \ / ( ( ! pus hX / \ ! c l os e ) U ( c l os e \ / ( ( pus hX / \ ! c l os e ) U ( c l os e \ / ( ! pus hX U c l os e ) ) ) ) ) ) ) ) ) ) Using the pattern system : 2-bounded existence Between { open} and { close} { pushX} exists atMost { 2} times; 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Modelio Nut Bandera Gonzlez Miguel Cuesta Martnez Mara Flrez Miranda Alejandro Matas

Modelio Nut Bandera Gonzlez Miguel Cuesta Martnez Mara Flrez Miranda Alejandro Matas

Modelio Nut Bandera Gonzlez Miguel Cuesta Martnez Mara Flrez Miranda Alejandro Matas Snchez What is Modelio? - Modeling environment - Emphasis on consistency checking - BPMN + UML support - Java code generation and reverse

522 views • 15 slides
The First Perspective Image Perspective in Art Giotto, 1300 Campin, 1430 (before perspective)

The First Perspective Image Perspective in Art Giotto, 1300 Campin, 1430 (before perspective)

Italian Art in the Late Middle Ages In the Renaissance Filippo Brunelleschi Before the Discovery of Perspective Discovered Perspective Perspective is nothing else than the seeing of an object through a sheet of glass, on the surface of

344 views • 6 slides
New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective

New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective

New Defence Perspective New Defence Perspective New Defence Perspective New Defence Perspective Innovative technology, knowledge, problem solving are critical for Canada and its allies to mitigate new threats, stay ahead of potential

469 views • 18 slides
Vctor Gonzalo Cristbal Adrin Prez Manso Daniel Adrin Mare Nut Bandera Gonzlez

Vctor Gonzalo Cristbal Adrin Prez Manso Daniel Adrin Mare Nut Bandera Gonzlez

Vctor Gonzalo Cristbal Adrin Prez Manso Daniel Adrin Mare Nut Bandera Gonzlez Luca Blanco Llera Sofa Garca Barbs Daniel Ruckert Garca WHAT IS VIADE? TECHNOLOGIES USED TECHNOLOGIES USED OUR APP VIADE_EN1A THE TEAM

594 views • 21 slides
SH 16 (Bandera Road) Community Engagement Community Engagement Plan Band ndera R Road T Task

SH 16 (Bandera Road) Community Engagement Community Engagement Plan Band ndera R Road T Task

SH 16 (Bandera Road) Community Engagement Community Engagement Plan Band ndera R Road T Task Force Ci City of San A n Ant ntonio B Band ndera Road Co Corridor P Plan Elected Officials City, State, and County Planners &amp;

219 views • 18 slides
Perspective LanguaL Structured Vocabulary: USDA Perspective Joanne Holden Perspective: Earth

Perspective LanguaL Structured Vocabulary: USDA Perspective Joanne Holden Perspective: Earth

Perspective LanguaL Structured Vocabulary: USDA Perspective Joanne Holden Perspective: Earth Rise from the Moon Perspective: Population Density Perspective: Lightening Strikes Perspective: Pollution in the Atmosphere Perspective: Water

473 views • 44 slides
AND GROUNDWATER DISTRICT OCTOBER 28, 2017 FLASH FLOOD PUBLIC INFORMATION MEETING Mission

AND GROUNDWATER DISTRICT OCTOBER 28, 2017 FLASH FLOOD PUBLIC INFORMATION MEETING Mission

BANDERA COUNTY RIVER AUTHORITY AND GROUNDWATER DISTRICT OCTOBER 28, 2017 FLASH FLOOD PUBLIC INFORMATION MEETING Mission statement The principal mission of the Bandera County River Authority and Groundwater District is to protect and

440 views • 43 slides
Sovereigntist Perspective (inside the EU) compendious legal external sovereignty towards rest

Sovereigntist Perspective (inside the EU) compendious legal external sovereignty towards rest

Europe and the Globe - Two Perspectives Sovereigntist Perspective Globally resilient framework still influential upon the EU Governance Perspective Alternative perspective the EU a key source Sovereigntist Perspective (inside the

124 views • 8 slides
A legal perspective A legal perspective A legal perspective A legal perspective I. Engineers

A legal perspective A legal perspective A legal perspective A legal perspective I. Engineers

Due diligence Due diligence A legal perspective A legal perspective A legal perspective A legal perspective I. Engineers from Earth and lawyers from Mars II. Outline of the law III. Example Sharyn Durley LLB IV. Questions

865 views • 21 slides
What is Perspective? A mechanism for portraying 3D in 2D True Perspective

What is Perspective? A mechanism for portraying 3D in 2D True Perspective

What is Perspective? A mechanism for portraying 3D in 2D True Perspective corresponds to projection onto a plane True Perspective corresponds to an ideal camera image ViewTransformations 3D world

642 views • 41 slides
Unit8: Perspective Mike Chantler, 3/10/2008 Unit contents Perspective Motion in three

Unit8: Perspective Mike Chantler, 3/10/2008 Unit contents Perspective Motion in three

Unit8: Perspective 3D Modelling &amp; Animation Module F21MA Unit8: Perspective Mike Chantler, 3/10/2008 Unit contents Perspective Motion in three dimensions Perspective distortion of images Manipulating multiple images in

546 views • 33 slides
Italian Art in the Late Middle Ages Before the Discovery of Perspective di Bartolo, The

Italian Art in the Late Middle Ages Before the Discovery of Perspective di Bartolo, The

In the Renaissance Filippo Brunelleschi Discovered Perspective Perspective is nothing else than the seeing of an object through a sheet of glass, on the surface of which may be marked all the things that are behind the glass. --

880 views • 11 slides
UK EMPLOYERS' PERSPECTIVE EU-INDIA MIGRATION AND MOBILITY 1) UK UNIQUE PERSPECTIVE UK opt

UK EMPLOYERS' PERSPECTIVE EU-INDIA MIGRATION AND MOBILITY 1) UK UNIQUE PERSPECTIVE UK opt

UK EMPLOYERS' PERSPECTIVE EU-INDIA MIGRATION AND MOBILITY 1) UK UNIQUE PERSPECTIVE UK opt out of EU immigration laws o 1997 Treaty of Amsterdam o No participation in Blue Card Directive or Intra-Company Transfers Indians take up

438 views • 5 slides
European Perspective Note From the Editors: This installment of our European Perspective

European Perspective Note From the Editors: This installment of our European Perspective

European Perspective Note From the Editors: This installment of our European Perspective column has been contributed by Michael Rutstein, a partner in Jones Days global Business Restructuring &amp; Reorganization Practice. Based in

119 views • 11 slides
Socio-technical perspective Learning objectives Understand a socio-technical perspective

Socio-technical perspective Learning objectives Understand a socio-technical perspective

IN 5210 25 Sep 2017 Socio-technical perspective Learning objectives Understand a socio-technical perspective Able to apply a socio-technical perspective in the analysis and design of information systems Core reading Mumford

651 views • 24 slides
Regulators perspective on Quality by Design - BWP perspective Kowid HO, BWP 29/09/2009

Regulators perspective on Quality by Design - BWP perspective Kowid HO, BWP 29/09/2009

Regulators perspective on Quality by Design - BWP perspective Kowid HO, BWP 29/09/2009 EMEA/Efpia QbD Application Workshop - London Typical biotech manufacturing process Wild vector Gene of interest Expression vector Host cell Genetic

309 views • 18 slides
SEARCH RESULTS CLUSTERING (and its applications to the Polish language) Dawid Weiss Pozna

SEARCH RESULTS CLUSTERING (and its applications to the Polish language) Dawid Weiss Pozna

Slide 1 This is a slideshow presented at the 6th International This is a slideshow presented at the 6th International Conference on Soft Computing and Distributed Conference on Soft Computing and Distributed Processing, Rzeszw, Poland.

388 views • 27 slides
Using Data Fusion and Web Mining to Support Feature Location in Software SEMERU Feature: a

Using Data Fusion and Web Mining to Support Feature Location in Software SEMERU Feature: a

Using Data Fusion and Web Mining to Support Feature Location in Software SEMERU Feature: a requirement that user can invoke and that has an observable behavior. Feature Location Impact Analysis Existing Feature Location Work Static

881 views • 47 slides
Social Media Strategy Lee Frederiksen, Ph.D. Presenter Lee Frederiksen, Ph.D. Managing Partner,

Social Media Strategy Lee Frederiksen, Ph.D. Presenter Lee Frederiksen, Ph.D. Managing Partner,

APRIL 10, 2018 Social Media Strategy Lee Frederiksen, Ph.D. Presenter Lee Frederiksen, Ph.D. Managing Partner, Hinge Marketing lfrederiksen@hingemarketing.com Connect with me on LinkedIn: in/leefrederiksen Connect on Twitter:

750 views • 31 slides
Web 2.0 features Collective intelligence Chapter 6 Design for Collective Intelligence

Web 2.0 features Collective intelligence Chapter 6 Design for Collective Intelligence

Edit Web 2.0 features Collective intelligence Chapter 6 Design for Collective Intelligence Complex system a system composed of interconnected parts that as a whole exhibit properties not obvious from the properties of the individual

1.08k views • 42 slides
Interaction Design 9-12-2012 Overview of Interaction Design Understanding the Problem

Interaction Design 9-12-2012 Overview of Interaction Design Understanding the Problem

Interaction Design 9-12-2012 Overview of Interaction Design Understanding the Problem Space Conceptualizing the Design Space HW#2 posted, due Wednesday 9/19 Activity#3 due Monday, 9/24/12 Select your presentation topic PR#1

881 views • 23 slides
Micro Content Its Kind of a Big Deal PRESENTED BY Paul Stoecklein MadCap Software Director

Micro Content Its Kind of a Big Deal PRESENTED BY Paul Stoecklein MadCap Software Director

Micro Content Its Kind of a Big Deal PRESENTED BY Paul Stoecklein MadCap Software Director of Documentation WHAT IS MICRO CONTENT? Short, concise information Easily consumable Standalone Popular with marketing, social media,

305 views • 16 slides
Development of a text search engine for medicinal chemistry patents Emilie Pasche, Julien

Development of a text search engine for medicinal chemistry patents Emilie Pasche, Julien

Development of a text search engine for medicinal chemistry patents Emilie Pasche, Julien Gobeill, Fatma Oezdemir-Zaech, Thrse Vachon, Christian Lovis, Patrick Ruch Presented by Patrick Ruch November 14-16, 2012 NETTAB 2012, Como

424 views • 14 slides
Analog IC Lay Analog IC Layout out Le Lever eraging ging Human Human and Mac and Machine

Analog IC Lay Analog IC Layout out Le Lever eraging ging Human Human and Mac and Machine

MAGICAL: T MA GICAL: Towar ard Full d Fully y Automa utomated ted Analog IC Lay Analog IC Layout out Le Lever eraging ging Human Human and Mac and Machine Intelligence hine Intelligence Biying Xu, Keren Zhu, Mingjie Liu, Yibo Lin,

786 views • 30 slides

More recommend